prepared-statements

1 article

Sort: New Top Best

bug-bounty621 facebook431 xss316 google103 rce101 csrf60 microsoft59 web354 account-takeover53 writeup50 apple42 sqli41 cve35 ssrf34 exploit33 dos31 privilege-escalation28 defi28 cloudflare27 smart-contract-vulnerability25 idor24 subdomain-takeover24 ethereum23 clickjacking23 smart-contract23 vulnerability-disclosure21 access-control21 auth-bypass19 malware19 remote-code-execution18 lfi17 cors16 race-condition15 cloud15 reverse-engineering14 authentication-bypass14 solidity14 oauth12 browser12 info-disclosure12 aws12 sql-injection11 delegatecall11 denial-of-service11 phishing11 web-application-security10 vulnerability9 buffer-overflow9 web-security9 token-theft9

Step by Step Exploiting SQLI in Oculus

exploit

Step-by-step exploitation of multiple SQL injection vulnerabilities in Oculus' website, demonstrating blind SQL injection techniques with whitespace and comma filtering bypass to extract admin session credentials. The attacker chained five SQL injections together, using creative MySQL syntax (comment blocks, OFFSET instead of comma-based LIMIT) to gain administrator access without prepared statements.

sql-injection blind-sql-injection authentication-bypass web-vulnerability mysql php penetration-testing session-hijacking bypass-techniques prepared-statements

Oculus Facebook Josip Franjković Jon Bitquark developer.oculusvr.com CompanyAction.php Burp sqlmap

josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details